Metasploit mailing list archives
Fun with antimeter
From: Nikhil Mittal <nikhil_uitrgpv () yahoo co in>
Date: Sat, 16 Apr 2011 21:13:41 +0530 (IST)
Hi List,

Today I was playing with antimeter (a program from hack4career.com to detect and kill meterpreter in memory). It indeed detects and kills meterpreter. One thing I noticed is that antimeter does not check its own memory for meterpreter. So I wrote this very small script which can be used to either kill antimeter or to migrate into it to avoid detection. I name it antiantimeter. hehe

meterpreter > run antiantimeter -k
[*] Searching for antimeter...
[*] Found antimeter process 5116...Killing

----------------------------------------

meterpreter > run antiantimeter -m
[*] Searching for antimeter...
[*] Found antimeter process 2488...Migrating in it
[*] Migrated into antimeter.exe - 2488

P.S. I have borrowed code from some existing scripts. It's just a script for fun, do not expect anything useful ;)

Nikhil Mittal
@nikhil_mitt
Attachment:
antiantimeter.rb